Tech companies revolt as government spying threatens to wreak havok on U.S. business interests
Their call to action comes at the same time as a petition to the White House to overhaul ECPA (the law that defines your more than six-months old email as “abandoned” and thus ok for warrantless spying), with over 66,000 signatures in support, is nearing its final hours.
These big tech companies have banded together to demand the government rein in snooping because they see that fading trust in U.S. technology products is already starting to wreak economic mayhem on some of America’s biggest firms.
They realize it’s time to stop runaway government spying, before its chilling effect on online business and communication threatens to take us back to the 20th century.
The companies have five key principles that government intelligence gathering ought to follow. First, any data gathering should be focused, extending an existing investigation, not fishing for a new one. Think wiretaps on a specific suspect with probable cause, not listening in on every phone call and doing a few keyword searches.
The second principle is also a request to bring e-investigations back into line with traditional policing. The allied companies call on the intelligence agencies to be subject to real adversarial oversight, not the rubber-stamping of the FISA courts.
In order to watch the watchdogs, the tech companies are calling for increased transparency, so it doesn’t take a Freedom of Information Act request to find out what kind of surveillance is being approved and how often.
The tech companies also want increased transparency so they can clear up their own complicity in government snooping. Google, Microsoft, and others were left in a nasty PR fix when they were not permitted to say what kind of data they were compelled to share with the NSA. They were unpleasantly surprised to learn that it wasn’t just their users who had been misled, as the Snowden leaks unfolded.
Not content with the data they requested, the NSA had been tapping into the fiber optic links between internal servers at Google and other companies, skimming off massive amounts of supposedly secure data. It’s not surprising, then, that Microsoft now considers the U.S. government an “advanced persistent threat” — a term previously reserved for foreign-sponsored hackers and cyberterrorists.
With government snoops poking their nose into data as it streams to and from the cloud, it’s no wonder the tech companies devoted one of their principles to “respecting the free flow of information.” Threatening the security of websites and data storage – whether by invading the privacy of users or by building in “back doors” that will eventually be discovered and exploited by other malefactors – will drive users away from the Internet.
Companies might consider going back to handcuffed briefcases and couriers, rather than letting trade secrets go through channels they know have been compromised at least once.
In order to help information flow both freely and securely, the companies specified that “governments should not require service providers to locate infrastructure within a country’s borders or operate locally.” Although they might be spied on anywhere, they fear the precedent the United States is setting of making back-door access a condition of operating within the nation’s borders.
Of course, when it comes to cloud services, it’s a bit unclear how much of a footprint a company needs to have in order to be subject to a nation’s laws. Google obeys local laws (no sassing the king of Thailand), but discloses the censorship requests it gets. They are barred from revealing surveillance requests the same way.
The final principle these companies are calling for is that they shouldn’t each be responsible for parsing contradictory international law. They call upon world governments to set up “a robust, principled and transparent framework to govern lawful requests for data across jurisdictions.” In other words, the nations of the world should all sit down together and work out a transparent and coherent rule for when companies must bow to the demands of intelligence agencies, and when they may refuse.
Perhaps the companies are hoping, with this last demand, that countries like the United States consider the risks of escalating a spying cyber-war. Would we really want to give China or Russia carte blanche to treat Google or Microsoft or Facebook servers the way we do?